Cyber Security Headlines – September 18, 2025
Host: Sarah Lane, CISO Series
Main Theme:
A rapid daily overview of the latest cybersecurity incidents and trends, with a focus on breaches, threat groups, major corporate and policy updates, and evolving security challenges.
Key Stories & Insights
1. Insight Partners Warns Thousands After Ransomware Breach
[00:07]
- Venture and private equity firm Insight Partners is notifying 12,657 individuals about data compromised in a ransomware attack stemming from a social engineering incident in October 2024.
- Stolen information included banking records, tax details, and both employee and investor data, taken before the firm's servers were encrypted in January.
- No ransomware group has claimed responsibility for the attack.
- Victims are being offered credit and identity monitoring services.
Notable Quote:
- “Insight Partners is now offering affected individuals credit and identity monitoring. No ransomware group has claimed responsibility.” – Sarah Lane [00:15]
2. Scattered Spider Feigns Retirement, Strikes US Bank
[00:38]
- Despite recently announcing their retirement, the Scattered Spider group infiltrated a US bank, per ReliaQuest researchers.
- The attack relied on social engineering to compromise a Microsoft Entra ID account of an executive, followed by lateral movement via Citrix, VPN, and VMware systems.
- Attackers targeted and extracted credentials, focusing on data within Snowflake and AWS environments.
Notable Quote:
- “The attackers appear to have gained access by social engineering an executive’s Microsoft Entra ID account, then moved laterally… stealing credentials and targeting data in Snowflake and AWS.” – Sarah Lane [00:43]
3. Consumer Reports Criticizes Microsoft Over Windows 10 Support
[01:12]
- Consumer Reports has labeled Microsoft “hypocritical” for ending free Windows 10 support next month.
- Consumer Reports says the move will strand millions of PCs that cannot upgrade to Windows 11 and will pose national security risks.
- Organizations like PIRG and iFixit have joined the criticism, emphasizing users will be forced to pay $30 for extended support, buy new hardware, or tolerate compromised security.
- Consumer Reports cites survey data showing that most Windows PCs purchased since 2019 are still in use and were expected to last through the next OS cycle.
Memorable Moment:
- “Consumer Reports says Microsoft should provide free updates, citing survey data showing that most Windows PCs bought since 2019 are still in use and were expected to last through the next OS cycle.” – Sarah Lane [01:27]
4. SonicWall Urges Credential Resets After Firewall Breach
[01:54]
- SonicWall detected that attackers used brute force to access configuration backup files in fewer than 5% of MySonicWall accounts.
- Files contained encrypted passwords and sensitive configuration data.
- Customers urged to reset all passwords, keys, and tokens per SonicWall’s guidance.
- No evidence of ransomware or data leak; incident is under law enforcement investigation.
Notable Quote:
- “SonicWall says it’s blocked the attacker’s access, is working with law enforcement and published guidance for administrators to reset all passwords, keys and tokens.” – Sarah Lane [02:29]
5. TA558/“Revenge Hotels” Deploys AI-Generated Phishing Campaign in Latin America
[03:33]
- Threat group TA558, aka Revenge Hotels, is deploying AI-generated JavaScript and PowerShell phishing lures targeting hotels in Brazil and Spanish-speaking markets (per Kaspersky).
- Venom RAT malware is used, capable of data theft, acting as a proxy, disabling security tools, and persisting through defenses.
- Attacks show clear evidence of leveraging large language models for code generation.
- TA558 has targeted hospitality in Latin America since at least 2015.
Memorable Detail:
- “The phishing lures, written in Portuguese and Spanish, carry JavaScript and PowerShell loaders, with evidence that large language models generated portions of the code.” – Sarah Lane [03:50]
6. CISA Expands Global CVE Participation
[04:18]
- The US Cybersecurity and Infrastructure Security Agency (CISA) is seeking more international partners (e.g., ENISA) to participate in the Common Vulnerabilities and Exposures (CVE) program.
- Expansion aims to enhance CVE data quality and collaboration; management remains with CISA, but more US agency involvement is anticipated.
Quote:
- “CISA plans to expand international participation in the Common Vulnerabilities and Exposures or CISA CVE program…” – Sarah Lane [04:21]
7. NIST Funds Workforce Development to Fill Cybersecurity Jobs
[04:53]
- The US Department of Commerce’s NIST awarded $3.3 million in cooperative agreements across 13 states to mitigate cybersecurity workforce shortages.
- There are 514,000 open cyber jobs, but only 74 qualified candidates per 100 jobs.
- Grants support regional multi-stakeholder alliances (RAMPs) to align workforce needs with government, academia, and private sectors.
8. Bridgestone Americas Recovers From Cyber Attack
[05:32]
- Bridgestone Americas restored network connections at North and Latin American facilities after a cyber incident earlier this month.
- The company is increasing production to pre-attack levels and continues to investigate with external experts and federal authorities.
- No disclosure on attacker access method, possible customer data impact, or financial losses.
Notable Quotes & Memorable Moments
- “Scattered Spider, the group that recently claimed it was retiring, has appeared to infiltrate a US bank…” – Sarah Lane [00:41]
- “Consumer Reports calls Microsoft hypocritical … this will strand millions of PCs that can't run Windows 11 and pose national security risks.” – Sarah Lane [01:14]
- “The group has apparently targeted hospitality firms in Latin America since at least 2015.” – Sarah Lane [04:08]
Additional Highlights
[06:19]
- Brief mention of ongoing challenges with “shadow AI,” highlighting how the rapid adoption of AI technologies introduces new risks and complexities similar to previous issues with “shadow IT.”
[07:41]
- Reminder to visit CISOseries.com for more details and full stories.
Useful Timestamps
- Insight Partners Breach: [00:07]
- Scattered Spider Bank Attack: [00:38]
- Microsoft Support Criticism: [01:12]
- SonicWall Credential Reset: [01:54]
- TA558 AI Phishing: [03:33]
- CISA CVE Internationalization: [04:18]
- NIST Cyber Workforce Grant: [04:53]
- Bridgestone Recovery: [05:32]
This episode offers a brisk but comprehensive rundown of emerging breaches, advanced threat actor tactics, pan-industry vulnerabilities, and the ongoing push to address systemic issues like workforce shortages and legacy software security gaps. The host’s tone remains direct and factual, providing clarity on complex stories for security practitioners and interested listeners alike.
